and Linux is a mere 13%. So the question becomes, is Linux being utilized or are corporations going between Windows and AIX/HP-UX/etc?
For my company it was simpler and more cost effective to stay with Windows, using Linux perhaps 5-6 times throughout the enterprise. My division is exclusively Windows based. It often makes more sense to go with the "bloated" system because of its established integrations. Our developers are .NET developers, our 3rd party applications are Windows based, the IT staff is experienced with Windows Server. The userbase knows Windows and Office. Sure we could probably save a ton of money on hardware going to a mostly Linux environment, but what would it cost to get all our 3rd party apps running on Linux, what would it cost re-educating 60k employees, hire an entire new development staff, all while proceeding with business as usual? Would it probably be cheaper in the long term, once the pain was over? Most probably. Would that pain be worth the potential risk in losing billions in contracts? Not likely.
Should devices like BigIP's be counted in MS's paper? I dunno, it's an embedded OS on an appliance, why not count all the devices running Cisco IOS as well?
Also, notice that the examples given for companies running Linux are all relatively new, and didn't have an established infrastructure in place to uproot and replace. I would imagine starting from scratch makes it a lot easier to pick Linux since you can tailor all your choices on a blank slate.
I disagree; based on the article it seems clear that the auditor does have liability. Audits are done to verify the systems meet some predetermined level of security; to meet this level requires having certain things in place (Firewall, Encryption, etc.). In this particular case CardSystems was certified as compliant with the CISP standards. However, the nature of the breach shows how they were in fact not in compliance.
"The data belonged to card transactions that CardSystems had retained on its system and stored in unencrypted format, both violations of CISP standards"
This could indicate 2 things: 1, that Savvis did an underwhelming job during the audit, or that after the audit CardSystems dramatically altered its infrastructure in such a way that data that once sat in an encrypted state OFF its own systems now do. As someone who manages a fairly large infrastructure I find it difficult to believe that CardSystems drastically altered its systems in a 1 year +/- timeline (Audit Certification date to Hack Disclosure), corporate red tape being what it is and all.
Some of the points in the article, such as "Yet Heartland Payment Systems and RBS WorldPay, two processors that recently experienced large breaches, were certified compliant before they were breached. And Hannaford Bros. was certified in February 2008 while an ongoing breach of the company’s system was underway.", seem to indicate that there are some lackluster audits going on.
I'm not sure about rational or not, however from my personal experience selling the odd item here and there I've noticed the following trend. Items I've listed never sell with only 1 bidder. I've had almost every auction item go as follows:
Step 1: List item at lowest price you think you will accept.
Step 2: When auction ends relist the item about 15-20% cheaper but increase the shipping and handling fee.
Step 3: Auction ends about 25% above my initial listing price and with about 5 or 6 interested bidders.
It's as if no one wants to make the first move, but when someone does it's like chumming the waters.
So I guess based on my decidedly non-scientific methods I would say that eBay auctions are definitely not rational.
Techdirt has not posted any stories submitted by Rob Clendenin.